Malcolm v26.04.1 contains improvements, bug fixes, security updates, and component bumps.

If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

v26.02.0...v26.04.1

Note that v26.04.1 is the same as v26.04.0 released last week, apart from the fix for bug #943. If you're already running v26.04.0 and don't use the encrypted install option in the installer ISO, you probably don't need to worry about updating to v26.04.1. The full release notes from v26.04.0 are also included here.

  • ✨ Features and enhancements
    • implemented easier way to enable/disable Strelka scanners #935
    • Handle nested file scanning (e.g., from ZIP files) with Strelka #922
    • index selected Strelka result fields #919
  • ✅ Component version updates
  • 🐛 Bug fixes
    • Hedgehog Linux Breaking on Reboot after Encrypted Quick Install with Multiple Drives #943
    • Fix YAML syntax error in kubernetes/15-redis.yml due to missing end quote #926
    • Using remote elasticsearch data store uses deprecated ssl_certificate_verification setting [https://github.com/cisagov/Malcolm/issues/915]
    • fix Malcolm API loopback webhook to handle RBAC and non-JSON formatted events #916
    • fix issues in zeekdeploy.sh to handle long crypto handshakes and Zeek's state DB getting out of sync
  • 🧹 Code and project maintenance
    • swap redis out for valkey #882
    • pin all third-party GitHub CI actions at known good SHA sums to mitigate things like the Trivy supply chain attack #933
    • some minor tweaks to various Dockerfiles and ISO build scripts to address vulnerability scanner findings
    • some documentation updates
  • 📄 Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
    • Added ARKIME_PCAP_LIBPCAP to arkime.env should users wish to revert to older libpcap mode for PCAP file processing rather than faster scheme processing (default false)
    • FILEBEAT_SCANNER_FINGERPRINT_LENGTH's default in filescan.env has been changed from 1024 to 512
    • redis.env has been renamed to valkey.env and its variables also have been renamed accordingly
    • STRELKA_SCANNERS has been added to pipeline.env for #935
    • ZEEK_DISABLE_SPICY_ZIP has been added to zeek.env for #922 (default true)

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL

Step-by-Step Guide to Install #NetBox on #Ubuntu VPS

This article provides a step-by-step guide to install NetBox on Ubuntu VPS server.
What is NetBox?
NetBox is a powerful and versatile open-source tool that allows you to efficiently manage your network infrastructure. In this comprehensive guide, we will walk you through the process of installing NetBox on your Ubuntu VPS. By following these ...
Continued 👉 https://blog.radwebhosting.com/step-by-step-guide-to-install-netbox-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #letsencrypt #ipaddressmanagement #installguide

I'm looking at using #netbox as an IPAM for #proxmox and I'm sad to discover that the native integration is completely unfit for purpose. No way to specify VRF. Unable to handle nested prefixes.

Looking at #terraform (well, #opentofu) to do this instead as a proof of concept. And that's before I get to the CAPI part of treating #kubernetes clusters like the resources they should be.

Just wanted to drop this little note here for all eternity to say thank you to everyone even remotely involved with #netbox. For a #selfhosted #homelab, that thing is amazing.

The very brief and incomplete list I'm using it for:
- document my network that spans three physical sites
- source of 'truth' for my IP addresses
- push IPs and MACs to my OpenWRT router to keep the DHCP static lease table in sync with the truth
- document my tailnet
- list goes on..

https://netboxlabs.com/


@monotux Caddy sounds handy thanks. Netbox is also new to me. Do you have a complex setup? I only have one box just now but will add more over time, planning to use #Proxmox to manage VMs. I'll probably start with the backup server and run #HomeAssistant, then build from there.

I'm guessing #Netbox will be overkill for a small #HomeLab even as it grows. What do you think?

today I enabled LLDP on my switches and my hosts (using lldpd) in my #homelab

why didn't I try this before? instead of consulting my #netbox instance or logging into the switch to see which port a machine is connected to, I can just run lldpctl to see the machine's neighbors, which VLAN the port is configured as and so forth.

yes, this is just a home network where I have control over devices and their configurations. but still.

#jinja2 support coming to NetBox-Zabbix-Sync soon 🤯 #netbox #zabbix ❤️

https://github.com/retigra/netbox-zabbix-sync/tree/feature/jinja2-foundation


Crying in #netbox prefix import...

does anyone have an idea what netbox expects as "site", "vlan" (the ID?), "scope type" and especially as "scope_id"?

The export only has 2x "Scope" in the export 😭
